August 05, 2004

Friend or Fraud? Think you can't get caught in the "phishing" net of online fraud? Take this phishing test. Ten e-mails. Some fraudulent, some legit. Read the e-mails, then mark your answers. According to a survey by Mailfrontier, nearly a third of folks surveyed can't tell the difference between friend and fraud.
  • I'd say that this test is misleading, as they've gone and changed the actual links from the emails... My personal phishing test is to copy the shortcut and paste into notepad. If the link is the same as it appears in the email, I may check it out, but if the link is in any way different from where I'm "supposed" to go, I know it's a scam. This test disallows me from using the very thing that is always reliable when checking for a phish-scam.
  • I got a 9 out of 10 (only because I didn't look at the microsoft example. I assumed it was one of those "If you forward this Microsoft will give you money" things). Spoilers for those who want to take the test themselves * * * * * * * * I was originally thrown by the changed links as well. However, that doesn't matter since those can be spoofed or subtly misspelled. The safest way is whenever you get something, close the email, then go to the site it is alleged to be from manually, by typing the address in yourself. I NEVER follow a link from an email that tells me they need personal information from me. If the email is legit, when you go to the site by yourself and log in, the site will normally tell you that you need to do something.
  • Furthermore, what jccalhoun said. It's always wise to type in the URL yourself, and unless you have some serious malware hijacking your URLs, you'll always go to the right place. :-)
  • I don't follow links to online businesses, because it's pretty much guaranteed that they'd be spam or fraud since I don't willingly receive anything from them. So I marked them all as fraud. Got 70%.
  • 90% for me. Excellent link - thanks. Should be required reading for all internet users.
  • 10 out of 10. w00t! As previously noted by jccalhoun, chimaera, and tracicle, any email asking you to click on the link to verify personal info is a red flag. If it's not phishing, then it's a company that doesn't know how to protect your personal information very well. Either way, you'll want to avoid them. In this little test, after the first five, you can pretty much pick up the trend enough where you don't need to go to the source code anymore.
  • 9 of 10 here as well. Missed the MS one as well, it's Hotmail, it's spam by definition. Got most of them just looking at the "Dear xxxx" line. Most companies will put the name from the account there, not "Cardholder" or "Valued Customer". Ditto the never follow a link from e-mail advice as well. Legit business emails will also usually ask you to go to their site and log in, not hot link to an update page.
  • 9/10. I assumed a legit paypal email was spam. I'm not clicking on links, regardless. I'll navigate to the site myself if at all possible. I really hate the "your account will be suspended" ruse. Such a vague threat to be solved by a vague action of verifying your identity. I almost labeled the MS one fraudulent (probably should have anyway) because I'd almost swear that I've missed logging in for 90 days with no effect. This isn't really a friend-vs-foe test as it is a foe-vs-company test. I'm wary of both.
  • 9 out of 10, as well. But, will mailfrontier now use this to refine their emails to avoid getting trounced by those of us who have been around a while? Who are they, anyway.
  • I stopped after the first one. They've changed the source, and removed the headers. Without those it is impossible to tell for sure (although as others note above, a call to "click here" is a red flag these days). This isn't a valid test as far as I'm concerned.
  • Better way to phish -- set up a merchandise site with dirt-cheap prices. Take orders, ship nothing. Remove site. Skip away merrily with nice list of thousands of valid credit card numbers.
  • "This isn't a valid test as far as I'm concerned." I think it is valid. This test shows, even without the links and headers and all the other things we savvier-than-your-normal-web-user monkeys do, you can still spot a fraud just by looking at it. Though explanations of what and why things were frauds and not without having to submit an email address to get their report would be much more helpful.
  • The quickest way that I was able to tell which were real was that the real ones were basically the only ones that didn't ask for my credit card number. So based on the assumption that ANY email that asks for your credit card number is fake, then the test is valid. Now, whether that criteria I just made up is valid or not is up for debate...
  • I only missed the citi bank one. I should have known better since I don't even have an account there. But sending a message explaining about SSL and other security measures (I've never seen a phishing site use SSL) seemed OK to me.
  • If you got less than 9 out of 10 on this quiz - (the average person gets between 9 and 10 correct) - you'll want to order my no-obligation DVD, "The Asshat's Guide to Online Fraud Avoidance". You'll learn how to * Become suspicious of everything by default * Use Intarweb encryption and authentication technologies -- including DNA and Secure Sockheads Lairs * Attain depersonalization - 'cause they can't steal your identity if you don't even have one! If you don't like my DVD, there's no obligation - simply keep it and I'll charge your credit card. Order now!
  • This thing's neat.. altho kinda easy since some of 'em I've gotten before.
  • I missed every single one of the paypals, but got everything else. I'm never clicking on anything ever again. Except this. And this doorknob.
  • "Except this. And this doorknob." And this thermos. And that's all I need, and that's all I need.
  • My credo? Don't be asking me for nothin' I gotta go get my purse for unless I asked you about something first. Works for panhandlers too. 8/10 - but I erred on the side of shifty-eyed suspicion. And that's some sexy shit.
  • rolypolyman, give me back my money!